Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
500 views
in Technique[技术] by (71.8m points)

asp.net - CORS settings for IIS 7.5

Could someone please help me, convert the following code for use in the web.config in IIS 7.5 and where in the web.config file I should place each piece of code?

# Always set these headers.
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"

# Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

If you are asking this to solve CORS problem, you can follow this solution below.

NOTE: Before adding all this you should consider security issues.

  1. Add this to your web.config file:

    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <add name="Access-Control-Allow-Origin" value="*" />
          <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, HEAD, OPTIONS" />
          <add name="Access-Control-Allow-Credentials" value="true"/>
          <add name="Access-Control-Allow-Headers" value="X-Requested-With, origin, content-type, accept" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
    
  2. If you have Content-type parameter in your ajax call or you are doing PUT request.Those are considered as PreFlight requests.Preflight requests are doing OPTION request before sending main request(PUT,DELETE etc).You can add below method to your global.asax file to pass successfully OPTION process:

    protected void Application_BeginRequest()
    {
        if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
        {
            Response.Flush();
        }
    }
    

To have more information about Preflight requests you can check here

For solution number 2 you can have detailed information from here


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...